Private browsing: it’s not so private

The private browsing features found in most Web browsers, designed to keep …

Research by Stanford University to investigate the privacy of the "private browsing" feature of many Web browsers suggests that the tools aren't all that private after all, and that many kinds of information can be leaked by browsers when using the mode. The paper is due to be presented next week at the USENIX security conference.

"InPrivate Browsing" in Internet Explorer, "Incognito mode" in Chrome, and "Private Browsing" in Firefox and Safari all strive to do the same two things: make it impossible for users of the same computer to figure out which sites the browser has been used to visit, and make it impossible for sites to know whether or not a particular user has previously visited them.

To keep browsing private from other users of the same machine, browsers must discard (or avoid creating) any history entries, cached items, cookies, and so on. To prevent sites from being able to track visitors, the browsers must ensure that they don't send any cookies or other identifiable information from non-private sessions when in private mode.

The researchers found that the browsers' protections were imperfect. Browsers did not properly isolate their private sessions from non-private ones, with the result that suitably crafted sites could trace visitors between private and non-private sessions. Sites could also leave persistent indications that they had been visited, allowing visits to be detected by local users.

The big problem: add-ons

The problem got worse when extensions and plugins were considered. All four browsers tested enabled plugins in private mode, and these plugins can themselves store data that allows both kinds of privacy to be defeated.

One example of such a plugin used to be Adobe Flash; Flash has its own cookie system, and it used to be the case that Flash's cookies did not respect the privacy mode of the browser. Cookies set in private mode persisted, and cookies set in public mode were readable from private mode. Fortunately, Flash has since been fixed, but any plugin could contain similar errors.

Internet Explorer and Chrome both disable browser extensions by default in their private mode; Firefox, however, does not, and this provides yet another avenue by which private information can be leaked.
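One way to test the local-user half of these claims, shown here as an added example that is not taken from the article or the Stanford paper: snapshot the browser profile and any plugin storage directories before and after a private session, then diff the two snapshots. The directory layout, file names and contents below are constructed stand-ins, not real browser paths.

```python
import hashlib
import os
import tempfile


def snapshot(roots):
    """Map each file under the given directories to its SHA-256 digest."""
    state = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                digest = hashlib.sha256()
                try:
                    with open(path, "rb") as fh:
                        for chunk in iter(lambda: fh.read(1 << 20), b""):
                            digest.update(chunk)
                    state[path] = digest.hexdigest()
                except OSError:
                    state[path] = None  # unreadable (e.g. locked); still listed
    return state


def diff(before, after):
    """Return (created, modified, deleted) paths between two snapshots."""
    created = sorted(p for p in after if p not in before)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    deleted = sorted(p for p in before if p not in after)
    return created, modified, deleted


def demo():
    """Constructed scenario: the profile stays clean, a plugin store does not."""
    with tempfile.TemporaryDirectory() as base:
        profile = os.path.join(base, "profile")        # hypothetical layout
        plugin = os.path.join(base, "plugin_storage")  # hypothetical layout
        os.makedirs(profile)
        os.makedirs(plugin)
        with open(os.path.join(profile, "history.db"), "wb") as fh:
            fh.write(b"pre-existing non-private history")
        before = snapshot([profile, plugin])
        # Simulated private session: the browser writes nothing to its profile,
        # but a plugin persists its own cookie-like object outside it.
        site_dir = os.path.join(plugin, "site.example")
        os.makedirs(site_dir)
        with open(os.path.join(site_dir, "settings.sol"), "wb") as fh:
            fh.write(b"visitor-id=constructed")
        changes = diff(before, snapshot([profile, plugin]))
        return tuple([os.path.relpath(p, base) for p in group] for group in changes)
```

An empty diff only covers the directories passed in; traces kept elsewhere on the machine are outside what this check sees.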

As part of their research, the team also collected information on how often people use private modes. Though Microsoft advertises InPrivate Browsing as a way for people to buy gifts online without any risk that the recipient will find out, the most common use of private browsing was (shockingly) to explore the Internet's seedy underbelly, keeping prurient interests, rather than birthday presents, private. Even this use was relatively rare; only 8 percent of people used private browsing for their online sexual entertainment, with 6 percent using it for gift shopping and general Web browsing.

The use of private browsing also varied wildly between browsers. Internet Explorer users barely bothered—just 2 percent of them use it, even for X-rated sites—whereas some 14 percent of Safari users prefer to keep their dirty/gift-buying habits to themselves.

I use Chrome almost exclusively. However, I use Firefox for paying bills, run it in Private Browsing mode, and in a Sandboxie er.. sandbox. Then, even if things are on there that I don't want, they're deleted when I'm all done. No credit card information for you!

Incognito mode is also handy for seeing what a site looks like whilst logged out, without actually having to log out. Useful if you're developing a web app, or if you want to compare the logged in/not logged in experience, say to see what your facebook/linkedin profiles look like to the internet at large. On the topic of facebook, another good use is clicking random buttons you think look interesting, without worrying that they're about to post something dumb to your wall, for all to see.

And then there's always the dreaded Google, storing all of your dirty search habits and activities on websites like YouTube and Orkut. The internet is no longer a safer place for people looking for "a good night". Now get over it and buy yourself Playboy Magazine.

Obligatory mention of Beef Taco and BetterPrivacy: The former disables targeted advertising and analysis networks, which can easily see through private browsing. The latter notifies about and deletes Flash cookies and other stored objects.

Oh god... well, you asked for it! http://www.opera.com/ BTW: I said "oh god" because I was surprised you didn't know about it. Not that it's a really well known browser these days, but that has been different some time ago.

Opera = the best web browser available since 1993. Opera has private browsing (it can be by tabs or windows), is the 4th or 5th most used web browser in the world and definitely should have been analysed by the research, but I think it hadn't been because they already know the issue doesn't exist in Opera's private browsing feature. Haha!

Opera = the best web browser available since 1993. Opera has private browsing through tabs / windows, is the 4th or 5th most used web browser in the world and should have been analysed by the research.

Congrats for drinking the kool-aid. You are now part of the bizarre on-going fud campaign against Tor.

Tor provides anonymity, nothing more, nothing less. Information you transmit over Tor may be captured by end nodes, so you should encrypt sensitive data. Incidentally, any information you transmit over the Internet may be captured everywhere else along the way, so you should encrypt sensitive data. Furthermore, you can easily break the anonymity Tor provides by shouting out your name or anything else that can be linked to you while using Tor.

With regards to that Wikileaks thing: The Wired article is referring to an article in the New Yorker and doesn't corroborate it in any way. The New Yorker basically claims that Wikileaks got some of their earliest "submissions" from "hackers from China [who] were using the network to gather foreign governments’ information" and recording that traffic. It goes on: "Only a small fraction has ever been posted on WikiLeaks, but the initial tranche served as the site’s foundation" (my markup).

The New Yorker doesn't actually seem to say that Assange flat out told them about this or how they got that part of the story. And I find it a bit surprising that government hackers would be dumb enough to do unencrypted transmissions of vital intel on the net, but if they were dumb enough to do it, it serves them right. Which particular documents were gained through this method? Not even the New Yorker claims to know that. It all sounds a bit dubious to me, and not really relevant to the high profile leaks. It does add to the already big cache of entertaining internet folklore surrounding Wikileaks.

Ironically I would like to know this too, had a friend who was using Chrome until it had a conflict with MS Security Essentials then refused to launch at all, and I mean at all. He didn't like Firefox so I suggested Opera and long story short he uses it all the time for his "gift-buying".

I find Private Browsing infinitely useful when I want to do general web browsing on someone else's computer (like borrowing a friend's/sibling's/coworker's laptop for a couple minutes). Without a Private Browsing mode, it's not always a good idea to visit sites that allow persistent or automatic logins, because you might find yourself in the other person's email inbox or amazon account, and that just isn't nice.

You still need Flash for gift buying on sites like redtube.com. So I've heard, anyway.

Wait... have we coined a new euphemism?

A couple of months ago, I went to the toilet at work, only to find a 2-foot tall stack of old VHS porn movies in the corner of the cubicle. I took them back to the office and we all had a good laugh about it. Ever since then, going to have a shit has had the euphemism "looking for porn".

Whoa hold up. There are people who actually share their user account with others?? I mean, I could understand sharing a computer in some cases, and I've used Private Browsing on public terminals just for misc stuff like visiting Ars. But otherwise I protect the privacy of my browsing the same way I protect the privacy of the rest of my data, the normal, standard way of doing it: have my own account and have it encrypted (I have my own machine too which helps, but on a shared system that just matters even more). It has been a long, long time now since it was actually any work to have multiple accounts, and it also keeps preferences, applications, and so on all separate too which should just plain be convenient. As much as anything I'm stunned that it appears the researchers expect "private browsing" to get much use. Why would I bother with private browsing for something from my own account/machine? If someone gets in at all I'm screwed anyway.

there were times when something is valued by its contributions, its historical meanings, rather than just shares.

Still, 'non negligible market share' as a reason is good enough for me, now if only someone out there would replay the tests/threats against Opera's private browsing mode...

Perfectly said!

Dark Empath wrote:

No mention of Seamonkey? This is... fair enough, given there's only 6 of us on the planet. Any more users and we'll overtake Opera in market share!

Seamonkey is just the same as Firefox and has the same bugs. Gecko / Webkit / Trident code derivatives are everywhere and contain just the same bugs as their "main" (somewhat based on) versions and I don't think they need to be tested. But Opera has its own rendering engine and code (Presto plus its own code for the whole browser, from UI to JS engine). That's why researchers should test Opera: it doesn't matter its market share but its real behavior differences when compared to other web browsers. If NetSurf Web Browser had a private browsing feature I'd be here arguing for it to be tested too.

edit: I noticed that Opera's market share is increasing, up to a full 2.5% now! (Though oddly enough in some eastern-European countries it's the most popular browser, i.e. if it was a Russian test, Opera would be there).